xAI's Grok Build CLI Silently Uploaded Entire Private Repositories, Including Unredacted Secrets

A detailed breakdown alleges that xAI's coding agent exfiltrated whole Git repositories — private codebases and secrets included — with the company yet to publicly respond.

The most alarming AI story of the day is not about capability. It is about trust. According to a detailed writeup circulated by @IntCyberDigest, xAI's Grok Build CLI — the command-line coding assistant marketed to developers — was uploading entire Git repositories to xAI infrastructure, including private codebases and unredacted secrets. As of the report's publication, the account notes that xAI "still has not said a word."

If accurate, this is precisely the failure mode that has haunted the entire category of AI coding agents since they moved from autocomplete to autonomous execution. Coding tools operate with deep filesystem access by design. They need to read your project to help you build it. But there is a difference between reading a file locally and transmitting the full contents of a repository — API keys, database credentials, private business logic — to a remote server. The former is the job. The latter is a breach.

Get our free daily newsletter

Get this article free — plus the lead story every day — delivered to your inbox.

Want every article and the full archive? Upgrade anytime.

No spam. Unsubscribe anytime.